package jdbc;

import javax.xml.transform.Result;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * 预编译SQL
 * 预编译SQL允许我们使用“？”对SQL中的“值”进行占位，这样可以将语意定义，便面出现SQL注入问题
 */
public class Demo8 {
    public static void main(String[] args) {
        try( Connection connection = DBUtil.getConnection();) {
           String sql = "SELECT id,username,password,nicename,age " +
                        "FROM user " +
                        "WHERE username = ? " +
                        "AND password = ?";
           //先将sql语句发送给数据库
            PreparedStatement ps = connection.prepareStatement(sql);
            //通过PreparedStatement将预编译SQL中的“？”来指定对应的值
            ps.setString(1,"张三");
            ps.setString(2,"123456");

            ResultSet rs = ps.executeQuery();
            if(rs.next()){
                System.out.println("登陆成功");
            }else {
                System.out.println("登录失败");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
